Lucene search

[email protected]NVD:CVE-2017-15906

HistoryOct 26, 2017 - 3:29 a.m.

CVE-2017-15906

2017-10-2603:29:00

CWE-732

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.007

Percentile

79.7%

JSON

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Affected configurations

Nvd

Node

openbsdopensshRange<7.6

Node

oraclesun_zfs_storage_appliance_kitMatch8.8.6

Node

debiandebian_linuxMatch8.0

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappcloud_backupMatch-

netappclustered_data_ontapMatch-

netappdata_ontap_edgeMatch-

netapphci_management_nodeMatch-

netapponcommand_unified_manager_core_packageMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappstorage_replication_adapter_for_clustered_data_ontapRange9.7≥vmware_vsphere

netappstorage_replication_adapter_for_clustered_data_ontapMatch9.6vmware_vsphere

netappvasa_provider_for_clustered_data_ontapRange6.0–6.2

netappvasa_provider_for_clustered_data_ontapRange9.7≥

netappvirtual_storage_consoleRange9.7≥vmware_vsphere

netappvirtual_storage_consoleMatch9.6vmware_vsphere

Node

netappcn1610_firmwareMatch-

AND

netappcn1610Match-

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
openbsdopenssh*cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
oraclesun_zfs_storage_appliance_kit8.8.6cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappcloud_backup-cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netappclustered_data_ontap-cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netappdata_ontap_edge-cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapponcommand_unified_manager_core_package-cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	openssh	*	cpe:2.3:a:openbsd:openssh::::::::
oracle	sun_zfs_storage_appliance_kit	8.8.6	cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	cloud_backup	-	cpe:2.3:a:netapp:cloud_backup:-:::::::*
netapp	clustered_data_ontap	-	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
netapp	data_ontap_edge	-	cpe:2.3:a:netapp:data_ontap_edge:-:::::::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	oncommand_unified_manager_core_package	-	cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*